UC San Diego SearchMenu

LastPass

Last Pass Enterprise

Learn about using LastPass to store and manage your passwords at UC San Diego.

UC San Diego has vetted and tested LastPass enterprise to be our password manager software of choice. No more writing down passwords on a sticky note or keeping a spreadsheet on your desktop!

LastPass Uses

You'll want to use your LastPass Enterprise account to manage all your university credentials - for example, Business Systems logins, travel, Office 365 and more.

About LastPass

LastPass securely stores all your usernames and passwords and automatically logs you into your online accounts. Benefits include:

  • A password generator tool to help you create strong, unique passwords for every site
  • Autofill to save you time
  • Protection against forgotten passwords
  • More information can be found at the LastPass website https://www.lastpass.com/

Getting started

In order to use LastPass, you will need to register for an account, install a browser extension on your desktop and download the app to your device(s).

Registration

UC San Diego Enterprise accounts

LastPass Enterprise accounts use your Active Directory username as your LastPass username. Upon registering, you'll be provided a temporary password that you'll need to update with a new Master Password.

Start the LastPass registration process (login required)

Linking a personal account

With your Enterprise account, you can also set up a LastPass personal account for your personal credentials such as financial institutions, ecommerce sites and more. LastPass allows you to link your personal and Enterprise accounts. You'll see your university accounts in one folder and your personal accounts in another folder. 

Important: Do not mix the two accounts!

  • Keep university credentials in your Enterprise account
  • Keep personal credentials in your personal account

If you already have a LastPass personal account, you can link it upon registering your Enterprise account. If not, you'll be prompted to create a personal account (using separate credentials) when setting up your Enterprise account. 

Even if you link the accounts, any credentials related to UC San Diego should be stored with the Enterprise Account.

Your personal account should be used for credentials unrelated to the University. UCSD has no ties to your Personal LastPass account even if linked to your Enterprise Account. You will keep your personal account even after you no longer have the Enterprise account.

Download

Browser Plug-In

LastPass plug-ins are available for every major browser. LastPass will help you by filling in your usernames and passwords for websites so that you only need to remember your LastPass master password. The plug-in also makes it easy to add new sites to LastPass for safe-keeping. Download and install LastPass yourself.

Smartphone and Tablet App

LastPass supports every major smartphone and tablet including Android, iOS, BlackBerry and Windows Mobile devices. Learn more about LastPass on mobile and download LastPass for your mobile platform.

Security

How it works - You create a LastPass login secured with a Master Password that will be used to store all of your login credentials.

LastPass employs a 'zero-knowledge' model: all sensitive data is encrypted locally at your device with a key that is never transmitted to the host (LastPass). As such, even under government subpoena, LastPass could ever only turn over an encrypted blob with no key. This serves to protect your data from internal and external threats alike.

Any business account that you use in the workplace can and should be stored in your Enterprise account. We recommend that you do not store any personal information in the Enterprise account, but rather in a separate, personal LastPass account which you can link to your Enterprise account for convenience while still preserving your privacy.

What happens if your account is compromised

LastPass proactively performs daily checks to see if your LastPass account email addresses are on any compromised list for other web services. If a match is found, an email notification is sent to the LastPass user, notifying them of the domain that was breached and the potential risk.

Users can then run the LastPass Security Challenge (login required) to verify if the password for the breached site is used elsewhere. You should then update the password for the affected account, and any other accounts using that password, using LastPass to generate a new, strong password. Learn more about the LastPass security challenge.

What happens if you forget your Master Password

Forgetting your Master Password may actually result in the loss of all credentials stored within. The Service Desk may be able to reset the Master Password, but it is not guaranteed.

Resources